Thread Rating:
  • 1 Vote(s) - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Possible XSS Vulnerability
After getting blocked by mod_security today I did some checking of the logs and this is happening every other day, luckily the other days I was not blocked just other IP's.

The XSS comes from jscripts/jquery.cookie.js

Screenshots provided.

NOTE: I am unable to add new issues to the bug report system for some odd reason.

MyBB Version: 1.6.8
Plugins: MyGW2Code, MyForumIcons

Attached Files Thumbnail(s)
Official Site:
Coming Soon: &

Follow me on twitter: @MochaCoder
jquery.cookie.js is not part of MyBB.
[Image: banner.png]
Gah, didn't even pay attention to the core package. I found the issue, forgot about one plugin and it is part of that one. I will report it to the plugin dev.

Guess I won't, their site is down and no thread on this forum.
Official Site:
Coming Soon: &

Follow me on twitter: @MochaCoder
It would help if you could say which Plugin it is, so if one of us uses it, he/she also knows to remove it for good, or until further notice.

There is hardly any list of plugins that are maybe dangerous. Could be valueable informations so we can do something before maybe getting hacked.


do we know the plugin?

Forum Jump:

Users browsing this thread: 1 Guest(s)